Exit
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
  • 한국 커뮤니티
0

Session variable on log-in page

Explorer ,
Sep 06, 2006 Sep 06, 2006
Hi all,

I need to set a session variable in a Log In User page using the DW built in server behavior, using asp and access db. I want the session variable to be set to ID. The Log In User server behavior already stores username and authorization level in session variables but I also need the record ID of the user to be able to pull out more information about the user later. I am using this code to log in user and store the other session variables:

<%
' *** Validate request to log in to this site.
' *** Loggar in användare samt sparar session variablar "MM_Username" samt "MM_UserAuthorization".
'
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername=CStr(Request.Form("username"))
If MM_valUsername <> "" Then
MM_fldUserAuthorization="access_level"
MM_redirectLoginSuccess="/extranet/Default_2.asp"
MM_redirectLoginFailed="access_denied.asp"
MM_flag="ADODB.Recordset"
set MM_rsUser = Server.CreateObject(MM_flag)
MM_rsUser.ActiveConnection = MM_users_STRING
MM_rsUser.Source = "SELECT username, password"
If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
MM_rsUser.Source = MM_rsUser.Source & " FROM users WHERE username='" & Replace(MM_valUsername,"'","''") &"' AND password='" & Replace(Request.Form("password"),"'","''") & "'"
MM_rsUser.CursorType = 0
MM_rsUser.CursorLocation = 2
MM_rsUser.LockType = 3
MM_rsUser.Open
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
' username and password match - this is a valid user
Session("MM_Username") = MM_valUsername
If (MM_fldUserAuthorization <> "") Then
Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
Else
Session("MM_UserAuthorization") = ""
End If
if CStr(Request.QueryString("accessdenied")) <> "" And false Then
MM_redirectLoginSuccess = Request.QueryString("accessdenied")
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginSuccess)
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginFailed)
End If
%>
TOPICS
Server side applications
402
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Sep 06, 2006 Sep 06, 2006
i'd have unique user names and use it later for whatever you need.
there's a server behavior for that: User authentication > Check User
Name or somethink like this

anyway you could try this if you prefer the ID field:

If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
' username and password match - this is a valid user
Session("MM_Username") = MM_valUsername
Session("ID") = MM_rsUser.Fields.Item("ID").Value

...
End If

hth,

jdoe

wavesurfer wrote:

> Hi all,
>
> I need to set a session variable in a Log In User page using the DW built in
> server behavior, using asp and access db. I want the session variable to be set
> to ID. The Log In User server behavior already stores username and
> authorization level in session variables but I also need the record ID of the
> user to be able to pull out more information about the user later. I am using
> this code to log in user and store the other session variables:
>
> <%
> ' *** Validate request to log in to this site.
> ' *** Loggar in anv�ndare samt sparar session variablar "MM_Username" samt
> "MM_UserAuthorization".
> '
> MM_LoginAction = Request.ServerVariables("URL")
> If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" +
> Server.HTMLEncode(Request.QueryString)
> MM_valUsername=CStr(Request.Form("username"))
> If MM_valUsername <> "" Then
> MM_fldUserAuthorization="access_level"
> MM_redirectLoginSuccess="/extranet/Default_2.asp"
> MM_redirectLoginFailed="access_denied.asp"
> MM_flag="ADODB.Recordset"
> set MM_rsUser = Server.CreateObject(MM_flag)
> MM_rsUser.ActiveConnection = MM_users_STRING
> MM_rsUser.Source = "SELECT username, password"
> If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source &
> "," & MM_fldUserAuthorization
> MM_rsUser.Source = MM_rsUser.Source & " FROM users WHERE username='" &
> Replace(MM_valUsername,"'","''") &"' AND password='" &
> Replace(Request.Form("password"),"'","''") & "'"
> MM_rsUser.CursorType = 0
> MM_rsUser.CursorLocation = 2
> MM_rsUser.LockType = 3
> MM_rsUser.Open
> If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
> ' username and password match - this is a valid user
> Session("MM_Username") = MM_valUsername
> If (MM_fldUserAuthorization <> "") Then
> Session("MM_UserAuthorization") =
> CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
> Else
> Session("MM_UserAuthorization") = ""
> End If
> if CStr(Request.QueryString("accessdenied")) <> "" And false Then
> MM_redirectLoginSuccess = Request.QueryString("accessdenied")
> End If
> MM_rsUser.Close
> Response.Redirect(MM_redirectLoginSuccess)
> End If
> MM_rsUser.Close
> Response.Redirect(MM_redirectLoginFailed)
> End If
> %>
>
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Sep 06, 2006 Sep 06, 2006
LATEST
Thanks, I go for the unique username solution, seems like that is preferable.
THANKS!
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines